Yubikey passwordless Windows local account login

Yubico used to publish a Windows Store application, YubiKey for Windows Hello, that allowed local, non-domain-joined accounts to log in to Windows simply by inserting the YubiKey. However, that application has since been retired and there is currently no method to perform a passwordless login for a local account. The current tool, Yubico Login for Windows, allows the user to use the YubiKey as a second factor but still requires a password to be typed in. It is more secure for sure, but security is always at odds with convenience, and some users may feel that a passwordless YubiKey login is sufficient for their threat model, especially if they make sure to carry the YubiKey with them at all times.

I have managed to repackage the YubiKey for Windows Hello Windows Store application from my previous machine and am thus sharing it with all. However, one caveat is that I had to re-sign the package with a self-signed cert since I do not have Yubico's original cert. The steps to install my packaged version are as follows:

  1. Download the appx package and the cert
  2. Double click the cert and install it into the Local Machine's Trusted Root Certification Authorities store. You will need to manually specify the correct store.
  3. Go to Settings -> Use Developer Features and allow installing apps from any source
  4. Double click the appx package to install it
  5. Go to Settings -> Set up PIN sign in and set a PIN
  6. Start YubiKey for Windows Hello and go through the steps to set up passwordless login
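
Steps 2 and 4 can also be done from an elevated PowerShell prompt, with a check first that the package really is signed by the certificate you are about to trust and that the certificate is limited to code signing. This is an added example, not the author's script; the two file names are placeholders for the downloaded files, and it assumes step 3 has already been done.

```powershell
#Requires -RunAsAdministrator
# Added example, not the author's script. Both file names are placeholders.
$CertPath = '.\signing-cert.cer'
$AppxPath = '.\YubiKeyForWindowsHello.appx'
$CodeSigningOid = '1.3.6.1.5.5.7.3.3'

# Load the certificate from disk without adding it to any store.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    (Resolve-Path $CertPath).Path)

# Read the signature embedded in the package. Before the certificate is
# trusted the status is not 'Valid', but the signer certificate is still reported.
$sig = Get-AuthenticodeSignature -FilePath $AppxPath
if ($sig.Status -eq 'HashMismatch') { throw 'Package contents do not match its signature.' }
if (-not $sig.SignerCertificate)    { throw 'Package carries no signature.' }

# The package must be signed by exactly the certificate about to be trusted.
if ($sig.SignerCertificate.Thumbprint -ne $cert.Thumbprint) {
    throw 'Package signer does not match the downloaded certificate.'
}

# A certificate in the machine root store is trusted for whatever it permits,
# so refuse one that is marked as a CA or is not restricted to code signing.
$bc  = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$usages = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
if ($bc -and $bc.CertificateAuthority) { throw 'Certificate can issue other certificates.' }
if ($usages.Count -ne 1 -or $usages[0] -ne $CodeSigningOid) {
    throw "Certificate is not limited to code signing (EKU: $($usages -join ', '))."
}

# Record what is being trusted, then perform steps 2 and 4.
$cert | Format-List Subject, Thumbprint, NotBefore, NotAfter
Get-FileHash -Algorithm SHA256 -Path $AppxPath | Format-List Hash
Import-Certificate -FilePath $CertPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Add-AppxPackage -Path $AppxPath
```

Add-AppxPackage installs the app for the account running the elevated prompt, so run it as the user who will sign in with the YubiKey.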

Note to Yubico

YubiKey for Windows Hello is abandonware and cannot be obtained from any official website anymore. Please reach out if you have issues with me hosting a copy of it.